Compare Cisco ASA NGFW vs. Fortinet FortiGate

Cisco ASA NGFW is ranked 2nd in Firewalls with 63 reviews while Fortinet FortiGate which is ranked 1st in Firewalls with 58 reviews. Cisco ASA NGFW is rated 7.8, while Fortinet FortiGate is rated 7.8. The top reviewer of Cisco ASA NGFW writes "Enables us to to track traffic in inbound and outbound patterns so we can set expectations for network traffic". On the other hand, the top reviewer of Fortinet FortiGate writes "The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors". Cisco ASA NGFW is most compared with Fortinet FortiGate, Meraki MX Firewalls and Cisco Firepower NGFW, whereas Fortinet FortiGate is most compared with Cisco ASA NGFW, Sophos UTM and Meraki MX Firewalls. See our Cisco ASA NGFW vs. Fortinet FortiGate report.
Cancel
You must select at least 2 products to compare!
Cisco ASA NGFW Logo
125,696 views|52,401 comparisons
Fortinet FortiGate Logo
264,824 views|112,213 comparisons
Most Helpful Review
Find out what your peers are saying about Cisco ASA NGFW vs. Fortinet FortiGate and other solutions. Updated: July 2019.
352,760 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
Integration with all the other Cisco tools is valuable.We moved from a legacy firewall to the ASA with FirePOWER, increasing our Internet Edge defense dramatically.Cisco ASA NGFW significantly improves our bank. It protects any high-value products that we use from hackers, viruses, malware, and script-bots. It gives us metrics on network traffic as well as what kind of attacks we are getting from the outside.Right now, Cisco ASA NGFW has given us a lot of improvement. We are planning to move to a new facility and will be a much larger organization.The feature that I found most valuable is the overall stability of the product.The stability of Cisco ASA is excellent compared to other products on the market. Because of our customer experience as an integrator company, our clients never report any performance problems. We have a good performance reputation with Cisco ASA.I would say the Firepower module is most valuable. I'm trying more to transition to this kind firewall. I had to study a little on Palo Alto Networks equipment. There is a lot I have to learn about the difference.We have multiple secure internal networks linked with our plants. We are from a oil company, so we have multiple plant areas which need to have restricted network access. Therefore, we are using it for restricting access to the plant area.

Read more »

This solution has solid UTM features combined with a nice GUI.This is a quality product with ok support, and it is better than the competition we've tried.The features that we have found most valuable are the SSL VPN and the User Portal.We have been able to offer several services to customers in a single box.The most important features with FortiGate are the web filter and application controls. We can control our internet usage and use the web filter for application purposes.It is user friendly, and has all the features you need.We are very happy with the general bandwidth agility we have seen from one website to another website.The most important features of Fortinet FortiGate are the Intrusion Prevention System (IPS) and firewall control applications.

Read more »

Cons
With regards to stability, we had a critical bug come out during our evaluation... not good.The product would be improved if the GUI could be brought into the 21st Century.Cisco should improve its user interface design. There is a deep learning curve to the product if you are a newcomer.There is no support here in Georgia. If something goes wrong, support is not always very helpful with the other firewalls or other products.One of my main concerns, an area that could use improvement is in adjusting the need to buy a license to enable features.Usually, the customers are satisfied, but I am going to recommend that all clients upgrade to FirePOWER management. I want Cisco to improve the feature called anti-spam. We use a Cisco only email solution, that's why we need the anti-spam on email facility.The installation and integration of Cisco ASA with FirePOWER can be improved. The management with Fortigate is easier than Cisco ASA on FirePOWER. The management side of Cisco ASA can be improved so it can be more easily configured and used.Most of the time, when I try to run Java, it is not compatible with ASA's current operating systems.

Read more »

The Web-filter in this solution is not very good.FortiOS is not simple.This product could be improved with Active directory integration and better handling in IPsec and GRE Tunnels.I use the FortiGate 60D model and realized the 300Mbps bandwidth limitation. Because it is a product that offers many services, I think it could have greater bandwidth capacity.Some features of Fortinet FortiGate are actually fee enabled that are inconvenient for deploying in production. Other issues relate to isolation with Cisco products and your server.I feel that the reporting needs to be improved.I have to say that the initial setup was complex. The deployment took a few days to get set up. Initially, we were using an IPVanish. We switched to this tool since we thought it would be easier. But it turns out it wasn't easier to set up and run.The main aspect of FortiGate that could be improved is load balancing. Our management team does not want to buy another appliance for only load balancing.

Read more »

Pricing and Cost Advice
Watch out for hidden licensing and incredibly high annual maintenance costs.We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement.The cost is a big factor for us. This is why we are using it only in our restricted area. They are very much higher than their competitors in the market.Licensing is expensive compared to other solutions.Pricing is high, but it is essentially a corporate decision.The cost is a bit high compared to other solutions in the market.Cisco recently has become very expensive.The cost is a bit higher than other competitive solutions on the market.

Read more »

Before choosing a piece of equipment you have to take into account the cost-benefit offered by each one. Sometimes it is not worth paying a very cheap price to have a minimum level of security.Each feature costs money, so it is important to study your needs.I would say that all things considered, the pricing is pretty good.Fortinet is reasonable in pricing and licensing. Overall, FortiGate is affordable. The licensing fee can be a little high, depending on the budget for your project.Our licensing costs are on a yearly basis.Compared to Palo Alto, which we have used in the past, pricing and licensing are okay.Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you.The initial setup is super straight forward and as far as the licensing goes for the small product that we have, the pricing was pretty competitive. It wasn't as simple and as cheap as a SonicWall but for the service we would get it was a good price.

Read more »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
352,760 professionals have used our research since 2012.
Answers from the Community
Miriam Tover
Alberto E. Luna RodriguezReal User

Fortinet FGs: Great devices, relatively easy to deploy and maintain. Cheaper than most devices of their kind. If you're looking for a lot of features at a relatively low price point this is the way to go. However, beware of Fortinet's promises performance-wise, if you take this route you'll want to over-dimension your device a bit, otherwise you will not be activating the features you're buying. Stability and reliability is OK (careful with software upgrades as they tend to break some things).

Cisco ASA: My personal preference because of the peace of mind they provide (specially if it's your phone that rings every time something breaks). Not as friendly as Fortinet, takes effort deploy and maintain. They are more expensive and offer less features, but they do the work they are built for, and they do it exceptionally. If you are looking for stability, reliability and great support, and you don't mind spending some extra dollars then this is the way to go, Firepower adds some of the missing features that other vendors offer, but not as well integrated IMO. They are improving on that regard, but still lag behind other vendors with UTM devices.

18 December 18
KevinRobertsConsultant

Cisco has been playing catchup for years with regards to firewalls, they still don't have it. Personal preference is PA however I would also recommend Fortinet hands down over the Cisco ASA if my job depended on it.

17 December 18
Vejai SammyUser

Cisco ASA is an excellent product if you don't need UTM capabilities and will be leveraging other security solutions to complete your security architecture. We recently replaced our ASA with Fortinet as the latter provided a UTM device that was more inline with our strategy to simplify our architecture and operations. The Fortinet VDOM approach is miles ahead of Cisco providing flexibility in how we deploy our security appliance which would be much more difficult with the ASA. Even though we are a Cisco shop, the FortiGate has proven to be easier to manage and gets the job done, no issues after almost 1 year of operation. Other benefits include the lower cost, less complexity in licensing and the FortiOS Security Fabric which can extend seamlessly to incorporate switches and APs allowing you to easily build out your security infrastructure and manage it all through a single pane of glass with FortiAnalyzer and FortiManager integrated into the box. What more can you ask for?

24 June 19
Network Engineer with 201-500 employeesReal User

1. The biggest difference between the two is the pricing. You can get a higher model of FortiGate with all the bells and whistles for a quarter of the price of the basic model of the Cisco Firepower (cisco's next gen firewalls).
2. Cisco ASA will be end of production pretty soon. I am unsure if they will continue to sell the ASA with Firepower bundle.
3. The only upside of buying Cisco these days is for the TAC support which of course comes with a huge cost of smartnet support cost.
4. The down side of FortiGate is that their support isn't as great as Cisco. So if you know what you are doing you can get by with FortiGate just fine and save a bunch of money in the process. It is not that difficult to work with FortiGate.
5. My suggestion is do a Proof of Concept with both the hardware on site and evaluate the performance and ease of use. Your sales rep for Cisco and FortiGate should be able to get you a demo device.
6. Also key when choosing a firewall is understanding the nature of your traffic. For example: My previous company dealt with a lot of bid traffic which are really small packets but in large numbers and the Palo Alto firewall that we brought for almost $500K could not handle it, hence do your due diligence and understand the traffic that will be passing through the firewall.
7. Evaluate the firewall to see if it can handle east-west traffic security (zero trust deployment).

19 December 18
VinodPolReal User

In Comparison between Cisco ASA and Fortinet, I can recommend always Fortinet is Ahead of Cisco. Being deployed both firewalls into our managed environment I have better experience with Fortinet,
1. FortiGate Hardware is seen to be providing better performance in front of Cisco where Hardware issues are almost NIL. Failover between devices is seamless comparing Cisco ASA
2. The port density and type (Copper/fiber) comes along with Any FortiGate hardware at his throughput comparison level is high and you will have privilege to deploy firewall in your customize scenarios. Which further gives cost advantage.
3. The VDOM management concept is one of the differentiated factor where manageability and sharing firewall in multi environment projects is saves cost.
4. Forti manager and Forti analyzer are best to manage multiple firewalls in single pane.
5. Both firewalls Support most NGFW features. But I feel FortiGate is superior with respect to management of policies, IP based, user based, DNS based and application based.
6. Support wise FortiGate is seen advance in front of Cisco TAC.
7. Mainly, you will not see or less IOS bugs, vulnerabilities in Foregate where Cisco you have to constant keep upgrading with frequent IOS releases.
8. You will see more API integration options with FortiGate than ASA to customize, automate some of the operational cases.

18 December 18
COO/CTO at a pharma/biotech company with 11-50 employeesReal User

Before I respond completely, does it matter if the bandwidth is compromised while all firewall apps are active?

My experience with Fortinet was heavy overhead while their firewall apps were active. This was with a 1GHz Verizon FIOS business account (1 GHz up AND download). Hardwired endpoints and WiFi connections using Fortigate APs were under 20 devices. We were below 100 MHz and was confirmed with my 3rd party whom I had a 5 day a week 8 hours/day support account. That is a greater than 90% overhead. The Fortinet device was a 90-D router - that was overkill for what my company size was and yet, still had that performance.

17 December 18
Jefferson LoiseauUser

In order to answer that question a few things needs to be understood about the current environment.

For small to medium business where funding is a concern, the Fortinet are a very good long term solution. If you are deploying an External and Internal environment, you could leverage a combination of both where the Cisco ASA is on the internal and Fortinet on the external.

Fortinet’s are easier to deploy and there security approach is top end.

ASA are a bit more difficult and with the FirePower are known to be an issue when deploying and pushing out policies.

I’d be more inclined to go with the Fortinet’s than ASA’s is staff and resources are limited.

17 December 18
Goumou FerdinandReal User

Hello, I recommend Cisco ASA, it is very consistence, powerful, flexible and interoperability that is the main goal of Cisco products. I always recommend to my client ASA if they need Firewall only.
Fortigate is a good product, easy to implement and manage, it is also less expensive compare to ASA, I most of the time recommend Fortinet to a client who have limited budget for security, so by choosing Fortigate, the client can use the other services such as antivirus, malware protection, application control and so on.
So in summary the choice is not made base on the device, but base on the customer infrastructure, budget and technical resource they have to manage the devices.

Cheers,

20 December 18
Ranking
2nd
out of 49 in Firewalls
Views
125,696
Comparisons
52,401
Reviews
67
Average Words per Review
313
Avg. Rating
7.9
1st
out of 49 in Firewalls
Views
264,824
Comparisons
112,213
Reviews
58
Average Words per Review
362
Avg. Rating
8.5
Top Comparisons
Compared 37% of the time.
Compared 18% of the time.
Compared 11% of the time.
Also Known As
Cisco ASA, Adaptive Security Appliance, ASAFortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
Learn
Cisco
Fortinet
Overview

Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.

Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.

Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.

The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

Offer
Free Trial

Start your two week free trial.

Learn more about Fortinet FortiGate
Sample Customers
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
Top Industries
REVIEWERS
Financial Services Firm19%
Manufacturing Company12%
Comms Service Provider10%
University7%
VISITORS READING REVIEWS
Comms Service Provider21%
Financial Services Firm14%
Manufacturing Company11%
Transportation Company8%
REVIEWERS
Comms Service Provider11%
Financial Services Firm11%
Healthcare Company9%
Real Estate/Law Firm9%
VISITORS READING REVIEWS
Cloud Provider20%
Comms Service Provider9%
Writing And Editing Position9%
Manufacturing Company7%
Company Size
REVIEWERS
Small Business38%
Midsize Enterprise26%
Large Enterprise36%
VISITORS READING REVIEWS
Small Business41%
Midsize Enterprise26%
Large Enterprise33%
REVIEWERS
Small Business51%
Midsize Enterprise24%
Large Enterprise24%
VISITORS READING REVIEWS
Small Business54%
Midsize Enterprise32%
Large Enterprise14%
Find out what your peers are saying about Cisco ASA NGFW vs. Fortinet FortiGate and other solutions. Updated: July 2019.
352,760 professionals have used our research since 2012.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Sign Up with Email